Buffer overflow in GNU screen allows privilege escalation for local users.
Usually screen is installed either setgid-utmp or setuid-root.

It also has some potential for remote attacks or getting control of another
user's screen. The problem is that you have to transfer around 2-3 gigabytes
of data to user's screen to exploit this vulnerability.

w_NumArgs is signed integer, so after you've sent 2GB of ';' characters in
escape sequence it wraps to negative and the < MAXARGS protection fails.
Then it's only a matter of finding a position in memory where the next if
check passes and does something useful. I would guess there are multiple such
possibilities, but I didn't try to find any.

Window sizes
------------

I didn't really check this, but the code looked like there could be some
problems with large window sizes (eg. ESC[100000;100000t).

Vendor status
-------------

Sent a mail to screen (at) uni-erlangen (dot) de [email concealed] (16.10), no reply.
Sent a mail to screen mailing list (24.10), didn't help much.